Available for presale! I believe it ships in March. I’ll be giving some copies away as well when I get them. All proceeds for my portion are going to CAL FIRE ! amazon.com/Gray-Hat-Hacki…

We’re thrilled to announce our SANS #HolidayHack Challenge 2021 winners! 🥇 Most Creative: Jai Minton 🥇 Best Technical Answer: 0xdf 🥇 Best Overall Answer: CraHan Congratulations!!

@thecodinghigh I hear you. It can be tough. ❤️ For any well-meaning dudes reading this thread who are like "OK but what can I do about it?", here's a blog post which might help you: dev.to/annajmcdougall…

Hacking APIs Book Giveaway sponsored by APIsec.ai! We are giving away 10 print books. One entry per: ♥️ Like 🔁 RT 👑Bonus entry to anyone who follows APIsec. Ends in 48 hours!

Giveaway time! To celebrate 60k followers! We are going to send our new socks and few goodies to one person who follows PentesterLab and likes this tweet !! And we are going to give a 1-month voucher to **60** people who RT this tweet!

❗ ALERT ❗ The ACSC is supporting Optus through their recent cyber attack. Optus encourages their customers to have a heightened awareness across their accounts to protect themselves from fraud. ACSC guidance is available at cyber.gov.au/acsc/view-all-…

LastPass update: The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data as well as fully-encrypted sensitive fields. blog.lastpass.com/2022/12/notice…

BSides Canberra 2023 tickets are now on sale: eventbrite.com.au/e/bsides-canbe…

"External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another msrc.microsoft.com/update-guide/v…

🚨 NEW Feature Alert! 🚨 📸 With the httpx v1.3.0 release you can now take screenshots of target URLs, pages, or endpoints along with the rendered DOM! 😱 ⌨️ Update httpx with the -up option now to try it out! What are you waiting for! 🤘 #hackwithautomation #bugbounty

Over the last few months, I’ve been working on a little project with the ABC here in Australia to help people visualise their exposure in data breaches. This has just gone live today and I reckon they’ve done an amazing job, check it out: abc.net.au/news/2023-05-1…

Giveaway! 🎉 I'm going to buy someone a new MacBook Pro M2 13". To enter, retweet this tweet, then follow: Luke Stephens (hakluke), HackerContent & haksec.io. If you're a cybersecurity org looking for high quality content and social media management, check out hackercontent.com 👇

The optics here for @arm are not good at all. This is bullying behaviour and given how much Azeria has done to highlight arm security and research, a poor look for arm.

Do you want to understand how this Cross-Site Scripting payload works? I made a video investigating this one: x(""+{a:location=name}+"")

Two years later, and ChatGPT revived this AMSI bypass 🤣 ChatGPT share: chat.openai.com/share/b6e38f83… GitHub gist: gist.github.com/jeffmcjunkin/a… Remember, any rewrite will break fragile signatures. AV/EDR signatures made by machine learning are no less fragile!

*NEW* BHIS | Tester Blog GraphRunner is here to help you during post-exploitation to identify and exploit common M365 vulnerabilities. Introducing GraphRunner: A Post-Exploitation Toolset for Microsoft 365 by: Beau Bullock & Steve Borosh Published: 10/19/2023 blackhillsinfosec.com/introducing-gr…

Citrixbleed: On Oct 10th, Citrix announced a security advisory for CVE-2023-4966, a sensitive information disclosure bug marked as CVSS 9.4 affecting Netscaler Gateway. The security research team at Assetnote was able to reproduce the vulnerability. Blog post here:

TeamYouTube YouTube is closing Rugby Football Union & its translation channels. RFU is a professional reporter about Ukraine. A huge bot attack reported all channels for all violations. 7 RFU channels got deleted. Many others got demonetized for “reused content”. Appeals rejected. Please help.

This week, I explore bypassing EDR memory protections using DFIR tools to dump memory and pull creds. Walks by almost everything. youtu.be/RW3cEdKbC4E

Anyone else side-eyeing CVE-2024-38063 patched today? 👀 Unauthenticated RCE w/SYSTEM privs 😒. Microsoft assessed this sucker with Max criticality & Low attack complexity.